[9] RFR: 8168882: keytool doesn't print certificate info if disabled algorithm was used for signing a jar

Sean Mullan sean.mullan at oracle.com
Thu Nov 3 14:00:36 UTC 2016


You should only unset the jdk.jar.disabledAlgorithms property if a 
jarfile has been specified.

Also, you are printing the warning message for all usages of the 
-printcert option, -ssl, etc, which is not correct.

But I don't really think the warning message is necessary. The docs for 
the -printcert option are pretty clear that it simply extracts the 
certificate and prints it. If we are going to put a warning in for 
signed JARs, then arguably we should put in a more general, simple 
warning in for all usages of this option to say that the certificate, 
etc is not verified, ex:

"WARNING: The -printcert option does not verify the certificate."

But again, I don't think this is strictly necessary.

Thanks,
Sean

On 11/2/16 10:40 PM, Wang Weijun wrote:
> Everything is fine now.
>
> Thanks
> Max
>
> On 11/3/2016 9:38 AM, Artem Smotrakov wrote:
>> My bad, I missed that.
>>
>> http://cr.openjdk.java.net/~asmotrak/8168882/webrev.02/
>>
>> Artem
>>
>>
>> On 11/02/2016 06:30 PM, Wang Weijun wrote:
>>>> On 11/01/2016 11:59 PM, Wang Weijun wrote:
>>>>> >> Main.java:
>>>>> >>
>>>>> >> The warning (and the subsequent empty line) should be printed
>>>>> into System.err.
>>> This one?
>>>
>>



More information about the security-dev mailing list